In recent developments, 3Commas, a prominent provider of cryptocurrency trading bots, finds itself on “heightened alert” following reports of unauthorized trades occurring in some user accounts. The company’s co-founder and CEO, Yuriy Sorokin, acknowledged the issue in a blog post on October 8th, 2023, prompting a swift response from the platform.
3Commas unauthorized trades trigger heightened alert
Users of 3Commas reported instances of unauthorized trades in their accounts shortly after resetting their passwords. An internal investigation by the company revealed that only a limited number of customer accounts had been compromised, but the exact number of affected users was not disclosed.
Yuriy Sorokin reassured the community that the platform’s services were running normally while emphasizing that the investigation would continue. The compromised accounts had one common vulnerability – most of them had not enabled two-factor authentication (2FA). Importantly, 3Commas stated that user API data and passwords were not accessed in this incident.
To prevent similar incidents in the future, 3Commas has taken several security measures. Notably, the company has introduced a new approach to resetting passwords, providing an additional layer of protection for users. Furthermore, 3Commas has disabled API connections after a user resets their password, bolstering security further. In light of these developments, the company strongly encourages its users to enable two-factor authentication (2FA) and to regularly change their passwords.
This is not the first time 3Commas has faced security concerns. In December 2022, the platform disclosed an incident that occurred in October of the same year. During this prior incident, user API keys were leaked, leading to unauthorized trades being executed on affected accounts.
Initially, 3Commas denied a breach had occurred and suggested that their customers had been victims of phishing attempts. However, the company later admitted to an API leak, leaving affected users frustrated and demanding refunds and an apology for being initially misled.
Yuriy Sorokin expressed regret over the recent incident and assured users that 3Commas is committed to improving its security protocols to prevent or limit such occurrences in the future. These measures are crucial in maintaining trust within the cryptocurrency trading community, where security and transparency are of paramount importance.
Source: https://www.cryptopolitan.com/3commas-faces-security-concerns/